Re: [fw-wiz] Firewalls that generate new packets.. - Firewalls


Re: [fw-wiz] Firewalls that generate new packets..

Marcus: Not that I have tons to add to the discussion, but I have to ask
logically: If TCP Sequence numbers did NOT make a difference then why
do we go to so much trouble in the TCP stack to make them difficult to
predict?

Darden, Patrick S. wrote:
>
> Marcus J. Ranum
>
>
>
>> The hard thing I had to wrap my brain around was the
>> observation that between a router+ACLs combined
>> with the state that is held in the TCP stack of the
>> target, you've got exactly the same thing (and often
>> quite a bit better!) than a "stateful" firewall.
>>
>
> I respectfully disagree for all the reasons I have outlined
> before.... Sum: tcp sequence #s make a difference.
>
> --Patrick Darden
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@listserv.icsalabs.com
> https://listserv.icsalabs.com/mailma...rewall-wizards
>